Category Archives: Security

WordPress.org Makes It Harder For Security Journalists to Hype WordPress Plugin Vulnerabilities

Last Wednesday we discussed an ongoing issue where security journalists conflate a WordPress plugin’s download count at WordPress.org with how many websites are using the plugin, making a vulnerability seem like it has a much larger impact than it actually does. In the case last week, the headlines proclaimed things like “More than 1 million WordPress websites imperiled by critical plugin bug” about a security vulnerability that existed in older versions of WP Slimstat. Beyond explaining that the security vulnerability in question was unlikely to be widely exploited, we pointed out that the website count used was way off base. The journalists were taking the 1.3 million downloads the plugin had and using that to back up their claim of over 1 million websites impacted, which they shouldn’t have, since it isn’t close to being an appropriate substitute for an actual count of use.

Over the weekend WordPress.org made a change that should stop this: they started displaying a count of Active Installs in addition to download counts for WordPress plugins. In the case of the WP Slimstat plugin, the actual number of websites using it is much less than a million, with the Active Installs listed at 100,000+.

Hopefully this will be a wake-up call to some of those journalists that they need to stop taking so many liberties when reporting on WordPress plugin security issues, since this isn’t the only problem there has been with their coverage of the issue (which could use more quality coverage).

Attackers Can Use Blu-Ray Discs to Breach Networks: Researcher

An innocent-looking Blu-ray disc can be used by malicious actors to get a foothold in a targeted network, a researcher has warned.

According to Stephen Tomkinson of the NCC Group, both hardware and software Blu-ray players are plagued by vulnerabilities that can be leveraged to execute arbitrary files stored on the disc.


Appie – Portable Android Security Testing Suite

Appie is a collection of software packages in a portable Windows format to help with Android security testing, specifically penetration testing Android applications. Since its latest release, Appie can also help with security assessments, forensics and malware analysis. It is completely portable and can be carried on a USB stick or your smartphone....

Read the full post at darknet.org.uk

Copyright © 1995 - 2015. Kashif Ali.